Upgrade to Pro — share decks privately, control downloads, hide ads and more …

X-Ray of Malware Evasion Techniques: Analysis, ...

Thomas Roccia
November 21, 2022
Technology
3
910

X-Ray of Malware Evasion Techniques: Analysis, Dissection, Cure?

This presentation has been presented at Bsides Sydney (https://bsidessydney.org/)

Malware evasion consists of techniques used by malware to bypass security in place, circumvent automated and static analysis as well as avoiding detection and harden reverse engineering. There is a broad specter of techniques that can be used. In this talk we will review the history of malware evasion techniques, understand the latest trends currently used by threat actors and bolster your security analysis skills by getting more knowledge about evasion mechanisms.

Thomas Roccia

November 21, 2022
Tweet

More Decks by Thomas Roccia

See All by Thomas Roccia
The XZ Backdoor Story
fr0gger
0
4.1k
Prompt Engineering for Threat Intelligence
fr0gger
1
250
State-Sponsored Financially Motivated Attacks
fr0gger
0
660
Binary Instrumentation for Malware Analysis
fr0gger
2
1.5k
Conti Leaks: Practical walkthrough and what can we learn from it
fr0gger
0
950
Sharing is Caring: Sharing Threat Intelligence Notebook Edition
fr0gger
0
1.8k
Code Graphology
fr0gger
0
710
AISA - Practical Threat Intelligence
fr0gger
0
1.3k
Hermetic Wiper Infographic
fr0gger
1
840

Other Decks in Technology

See All in Technology
Java x Spring Boot Warm up
kazu_kichi_67
2
490
Commitment vs Harrisonism - Keynote for Scrum Niseko 2024
miholovesq
6
1.1k
VPC間の接続方法を整理してみた #自治体クラウド勉強会
non97
1
830
急成長中のWINTICKETにおける品質と開発スピードと向き合ったQA戦略と今後の展望 / winticket-autify
cyberagentdevelopers
PRO
1
160
生成AIの強みと弱みを理解して、生成AIがもたらすパワーをプロダクトの価値へ繋げるために実践したこと / advance-ai-generating
cyberagentdevelopers
PRO
1
180
Nix入門パラダイム編
asa1984
2
200
プロダクト成長に対応するプラットフォーム戦略:Authleteによる共通認証基盤の移行事例 / Building an authentication platform using Authlete and AWS
kakehashi
1
150
ユーザーの購買行動モデリングとその分析 / dsc-purchase-analysis
cyberagentdevelopers
PRO
2
100
いまならこう作りたい AWSコンテナ[本格]入門ハンズオン 〜2024年版 ハンズオンの構想〜
horsewin
9
2.1k
Gradle: The Build System That Loves To Hate You
aurimas
2
140
AWS re:Inventを徹底的に楽しむためのTips / Tips for thoroughly enjoying AWS re:Invent
yuj1osm
1
560
端末が簡単にリモートから操作されるデモを通じて ソフトウェアサプライチェーン攻撃対策の重要性を理解しよう
kitaji0306
0
170

Featured

See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Side Projects
sachag
452
42k
BBQ
matthewcrist
85
9.3k
A better future with KSS
kneath
238
17k
Faster Mobile Websites
deanohume
304
30k
Rails Girls Zürich Keynote
gr2m
93
13k
Art, The Web, and Tiny UX
lynnandtonic
296
20k
Building Applications with DynamoDB
mza
90
6.1k
Git: the NoSQL Database
bkeepers
PRO
425
64k
Six Lessons from altMBA
skipperchong
26
3.5k
Building Adaptive Systems
keathley
38
2.2k
Building Your Own Lightsaber
phodgson
102
6k

Transcript

  1. None
  2. None
  3. None

  4. What are Evasion Techniques? Practical examples and current trends How

    can you step up on that topic? The power of information sharing

  5. All the techniques used by a a software to avoid

    static, dynamic, automatic and human analysis in order to understand its behavior All the techniques used by malware to avoid and evade security solutions, security configuration as well as human detection to perform malicious action the longer on the infected computer.

  6. In Mitre ATT&CK, the Defense Evasion section is the most

    dominant tactic For attackers, the longer the malware remains undetected the longer they can perform actions For defenders, the sooner the malware is detected the less damage it will cause
  7. None

  8. Anti Security techniques Anti Sandboxing techniques Anti Analyst techniques

  9. Infection Vectors Malware Delivery Malware Behavior Actions on Objectives

  10. Malicious Doc Obfuscated Macro Powershell Base64 encoded Dropping Emotet

  11. Binded with legit Software Fake Metadata

  12. Fake Operations to harden reverse engineering and delay sandbox Anti-disassembly

    with Code Spaghetti

  13. Encrypted data related to host sent to multiple C2 Multiple

    Network Connections not available in the binary

  14. 2015 2016 2017 2019 2020 2021 2022 Creation of Unprotect

    Project First public release at Botconf Creation of the Unprotect POC BlackHat ASIA @DarkCoderSc joined the project Redesign, includes detection rules and code snippets API Engine, statistics

  15. Community centric open project dedicated to cataloguing malware evasion techniques

    Includes detection rules (Yara, Sigma, Capa) and code snippets Extends the Mitre ATTT&CK Defense Evasion Section Share and improve knowledge about evasion mechanisms Propose a detailed classification
  16. None
  17. None
  18. None
  19. None

  20. Malware Evasion Techniques are used by malware to avoid detection

    and analysis These techniques are highly regarded by threat actors. The Unprotect Project is a database dedicated to it and provide the broadest knowledge about evasion techniques.
  21. None